Standards, Regulations & Compliance
Think GDPR Won't Apply to You? Think Again
Robert Mills of Information Security Forum on Who Must Comply, and How to Prepare
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
See Also: 6 Critical Capabilities for an Application GRC Solution
"This regulation has teeth. We're talking about 4 percent of annual turnover [maximium penalty for noncompliance]. That is a big hit, for even a multinational. So organizations need to be looking at this now."
In a video interview at Information Security Media Group's recent Toronto Fraud and Breach Prevention Summit, Mills also discusses:
- Who should take ownership for GDPR compliance preparation before enforcement begins next May;
- What organizations should be doing now to prepare;
- The implications for failing to comply with GDPR.
Mills is the regional director, U.S. and Canada at the Information Security Forum. Previously, he held positions at the International Customer Management Institute and Smartstops.net.
About the Author
Joan Goodchild
Director of Multimedia Content, ISMG
Joan Goodchild is veteran writer and editor who has been covering security for more than a decade. Before joining ISMG, she was the editor-in-chief of CSO, where she led the team to several national awards, including an AZBEE (ASPBE) for website of the year and several Digital Eddie (Folio) awards for B2B website of the year. Her previous experience in business journalism includes roles as a broadcast and web editor with the Boston Business Journal and as a news writer covering the Windows OS with TechTarget. Prior to that, she worked as a television reporter and anchor for more than a decade. She has a master's degree in journalism from Northwestern University's Medill School of Journalism and is the recipient of an Edward R. Murrow award for investigative reporting.
